Userspace Networking Stack + WireGuard + Go
Julian Orth
ju.orth at gmail.com
Wed Jan 13 16:26:08 UTC 2021
On 13/01/2021 17.04, Jason A. Donenfeld wrote:
> Even if you're unprivileged and want a WireGuard interface for just a
> single application that's bound to the lifetime of that application,
> you can still use WireGuard's normal kernel interface inside of a user
> namespace + a network namespace, and get a private process-specific
> WireGuard interface.
That's what my patches from back in 2018 were trying to accomplish.
Unless I've missed something since, I do not see how what you're
describing would work. Unless you also
- create a TUN device in the network namespace
- add a default route through that TUN device
- manually route all traffic between the init network namespace and your
  network namespace.
Is that what you meant or is there a simpler way?